| holicisticscrarws.shop/GyCv | 104.21.40.92 | 403 Forbidden | 5.9 kB |
URL: holicisticscrarws.shop/GyCv (User Request, GET HTTP/1.1)
IP: 104.21.40.92:80
File type: HTML document, ASCII text, with very long lines (14391), with no line terminators
Hash: 9618e351357226d2ad09525c42cb36d0 10dcaa261e0cfd21dbfb13cb600e5f419e1d78d8 131359d7eccff3587ef97b22f1d0e781dbd069f6f9f6d5e3819cb20230b7e98f

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /GyCv HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 02:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 08ZZNWa32z4gXl0NodyR97bKn8c61daXU+qlCJw5ryUiQ/Z1abZ0ZPs0CnGtZYzvRjbu7smcu1d6R9Crk9yNQExRJ8igXK/Qanj12rY+Tr0bnCZw9X56KO3EcR53MzB30neUD3mcYfSYvwtYEvkp6Q==$ajlc0uNX5xG0IqDFkjCKQA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ov44KHCYjI8gb5CREHxRLSknEvTAfc3PUeSkO9a9YSYLK1l5ZU4RsAiusQl%2Ba9pEuKnjDJE%2FJX9xkdj9tZPl%2FHF5XRUJkLis9%2FEKz9OKql012GEDpYbWrTGIyb0uSWkBCETpnnz10%2BKy"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880618bddaf656ae-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880618bddaf656ae | 172.67.183.72 | | 116 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880618bddaf656ae
IP: 172.67.183.72:0
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 116 kB (115686 bytes)
Hash: d5fd3baa8d82ae2b8bd29acd9d269449 82658bb9f98ffd2841cc5eec1e5c050d3bd65e7c 9e70d038096154c2e9639d2ab0c94521ad3e882395e0c4b02b7f9c43c917988d

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880618bddaf656ae HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv?__cf_chl_rt_tk=tPp2u2WzHjkCRLzaQx3KPb78wJhlt_aHzbCy58EhrL4-1715136148-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:42:28 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jKY8pkFkQZeiw9UblqLubagnJpNWDXGPDMu7xa1kXVm4Kl%2Ba6UvAj4WqslYYWoo4qkXqnYl7qMynZ4X%2B%2B2padJNnFxQi%2B4fIYuwrooAAVQZUJetHEdIcMwZavUeNeV3dUEL%2B0udjfPY7"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880618bf5c1756af-OSL
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/favicon.ico | 172.67.183.72 | 403 Forbidden | 5.9 kB |
URL: holicisticscrarws.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/GyCv
File type: HTML document, ASCII text, with very long lines (14398), with no line terminators
Hash: 9460766ffb99a2d95c6163b563f69548 fe5b1b8f085fd743a7ea84ee150c476098995f16 66e4b4c71ef1353379bebf7319c29a7dc542bdf99cbce3633757338f09b5d3b4

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 02:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: ZRQVz6tm9E5HxRNGlQz/ML360gRRSW47A9cjNRcCxqWiRCxfmWUQK3+5ta31nod1Sq1/wtEaI/aoO8vrswpPjz+vQojIlLppNOECfY+uRpjXx9TBIEaVO5AQd+OFpEWTIRP+qyhHISuAVHMAppFggg==$quvh/7rF2e7yNStVCpXEZA==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2FxfK4CETiMEq6LbzmQmLyXmkw%2B7WPo4GF8qv5PtTzTK%2BgSABFDMFSwzC8B5cJJ2DE8C6mlG%2F64nM%2FLh4jdN2OkZCVYcjMHAP5s8fzukBmaV6jfRp%2BvjgkecCzpojWEU5oRMJMwG6PHx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880618c02b4c56c7-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/61805998:1715131794:e7wP58n2Zgf4K6PHtDfFtGDMcwXK3c62UxdsEpq_3YM/880618bddaf656ae/a05c6ae5731e36a | 172.67.183.72 | | 12 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/61805998:1715131794:e7wP58n2Zgf4K6PHtDfFtGDMcwXK3c62UxdsEpq_3YM/880618bddaf656ae/a05c6ae5731e36a
IP: 172.67.183.72:0
File type: ASCII text, with very long lines (16312), with no line terminators
Hash: e3ee28f0210a59415e37dd4a1d4b1a8f 63abc06b62958275c8a3d863b5e1023d00720840 4abb0ceffa43811765742a5c7f8d0abb616df2b894e6d9908cf99518cd902018

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/61805998:1715131794:e7wP58n2Zgf4K6PHtDfFtGDMcwXK3c62UxdsEpq_3YM/880618bddaf656ae/a05c6ae5731e36a HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv
Content-type: application/x-www-form-urlencoded
CF-Challenge: a05c6ae5731e36a
Content-Length: 1866
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:42:28 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: Ds7hBWuiqMPQoJxR/TUzqy9tYHmM/sEHSUVm5n5tDtElBdzfhRel/kVcFzz5uABX$nCV9SSBIPjH0r/rJznxYNQ==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VnnYf8AaZ8BWKW3jyfeg1twP%2FnYoRHGyHb52tZ8OnuIz7qusvrnY7ZPy4D8dJ0RNX9tvGGqWPK8jVwAfhTvxlg84woCtck0%2B9wTNzjauT%2Bm8%2BtCEINU2E3dJdE%2Fh6ZQFb%2BvWkC77AezE"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880618c12e2256be-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash: 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/92tsx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:42:28 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 880618c2ab2b1c06-OSL
alt-svc: h3=":443"; ma=86400
| holicisticscrarws.shop/favicon.ico | 172.67.183.72 | 403 Forbidden | 503 B |
URL: holicisticscrarws.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/GyCv
Hash: 4a0948f96e412ae5800f3f9c68a5ab5f 0d00c924a4c2239cdb39f526eee66a361a5cff91 ab96a8fd7f3d1cca01a04e1aa2bf9e672dfeb0ce2447fe0e1b912a208f10b4c4

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv?__cf_chl_rt_tk=tPp2u2WzHjkCRLzaQx3KPb78wJhlt_aHzbCy58EhrL4-1715136148-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 02:42:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 7Ay3p502hOb89ce7HfUq62iXgQJBojEvgex2Ao5vbwnxEwGNUL25VbS/Wzc+jHqz19/N7Qu7bvAJexaNe+41vuWoNDnZi+OP8spxKCLdvPHpc/zjSgboQdX4Z8Z5FgU0nq9PxC6wTa3VJBmN1OwCTQ==$9sfnv2AsTgzoL9CUPWe4pg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qox6g9%2BOj6pCkqrNrFcxIiWxdewQ8seltFhwQKAttj%2BdO3HLHEZ7fUtNRjKO3jHVf4%2FSTCiKc%2BpHIuMd6tPR1ApUucbP2geIr%2BaFQ2lq%2B8UytxfBeW5Vsdq%2B6A0ymn04RfXv%2Fu5X0sDb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880618bf9c2c56af-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/2050556481:1715135351:ochmVcTlC06nZycvBPAmQDtWNV-eTnhkp0vUtXDgg2I/880618c20b0e1c06/317995e2fda5511 | 104.17.3.184 | | 110 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/2050556481:1715135351:ochmVcTlC06nZycvBPAmQDtWNV-eTnhkp0vUtXDgg2I/880618c20b0e1c06/317995e2fda5511
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 110 kB (109690 bytes)
Hash: 6f49536fc750457e17cc2de54e1f9302 041c3e8eeadbd3725002011e4dd734c587dd2cc2 ab3470f3bfbd310c5afadb86446bb06ef38f131f17b9afb76f39f5f75d711554

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/2050556481:1715135351:ochmVcTlC06nZycvBPAmQDtWNV-eTnhkp0vUtXDgg2I/880618c20b0e1c06/317995e2fda5511 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/92tsx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 317995e2fda5511
Content-Length: 3477
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:42:29 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: NaLE+NkEDNZKRmQ7hEPaQSvR6QVxXyP4Qa3WRzjGT99pJEHuE/mZxFrmrb34Z+Eyk0ojTYRlZGo1HzFhIVbOKQLI62Y3/V0xl5UiuCAoH3bZO/Ww3sr18adAaG0JjX7DeKsSxoGT8f2R204CJ7dpoTxJ/J1UObgbdNbr9FP2QpQoo+vK+5d7fHiMxBKWMby+nzfs679Vt/yQQMPXAOeoT+m1A/4uO/zym54qGeomzgx0rAoo09LwKFTQgYkZDgpzZluqSOjaveuaoZeaXyHGHuw6Al/WHyYL1/zBatNmRo5PhyZr1Fb3Yf6D1z+STVQ9iSvO5wfF6hAKO+EmbLntbO4+L01zpDtFZgp9MYv3JzoHpJ5JiiHT41ItyJIj8IMA0QX0V4s+OmYSikNNZl+6kqSVJlCRJ4huwktuNmuFVlM=$dzuifHwR+7egHyEuzu74TQ==
vary: accept-encoding
server: cloudflare
cf-ray: 880618c45be61c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880618c20b0e1c06/1715136149194/2OaIpY_YXGqLe0F | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880618c20b0e1c06/1715136149194/2OaIpY_YXGqLe0F
IP: 104.17.3.184:0
File type: PNG image data, 12 x 51, 8-bit/color RGB, non-interlaced
Hash: 73e2c927de980741e9a6933217649ac9 eb9109ecd8837bc505bc0890ae83f2458bfe60cd deca400393bfcd56bf47717b644821d942dccec2ad7e8b2785a6d8a5a2d328ce

GET /cdn-cgi/challenge-platform/h/b/i/880618c20b0e1c06/1715136149194/2OaIpY_YXGqLe0F HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/92tsx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:42:31 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 880618d1afab1c06-OSL
alt-svc: h3=":443"; ma=86400
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/61805998:1715131794:e7wP58n2Zgf4K6PHtDfFtGDMcwXK3c62UxdsEpq_3YM/880618bddaf656ae/a05c6ae5731e36a | 172.67.183.72 | | 1.8 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/61805998:1715131794:e7wP58n2Zgf4K6PHtDfFtGDMcwXK3c62UxdsEpq_3YM/880618bddaf656ae/a05c6ae5731e36a
IP: 172.67.183.72:0
File type: ASCII text, with very long lines (2328), with no line terminators
Hash: f650c450a507d63bdd2619eceef8550c a81668098261dd8bd2677162ce844f4213bf9808 ec4425f5f34f079f8beb1c27a6017e63c86345976d1088d369e7d167886912e1

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/61805998:1715131794:e7wP58n2Zgf4K6PHtDfFtGDMcwXK3c62UxdsEpq_3YM/880618bddaf656ae/a05c6ae5731e36a HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv
Content-type: application/x-www-form-urlencoded
CF-Challenge: a05c6ae5731e36a
Content-Length: 2539
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:42:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out-s: bOM+qTkIMdQzcd4ps5ZhiQ==$JtwKvruX3Dvg7f8JmSybvA==
cf-chl-out: 8eW0KEomVWUqtFOMHkEkAQMOoITVBpBcfg9yt0jC9FQc7RS6TYrF5lAgsyhf+KLDpq0qh1dn2SBJXTPtFW/oDu0XJ9sozi7QofpEHzSByQQ=$t7nihdKeBXN4cunbc3vKlw==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jSx6U%2FkcizhWE563t%2BPCyO4Foc2KKHq4thO7K7MJ7fsqQflcrPeXk79AELGMePgsuPzF%2BbEPMVbuiWS67SdKx33yxaOtSnNplFD4AQKEY5ugcmtSWgCVVuaU1virkPuHo9U%2FNI%2FTgRR%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880618eef91556be-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/2050556481:1715135351:ochmVcTlC06nZycvBPAmQDtWNV-eTnhkp0vUtXDgg2I/880618c20b0e1c06/317995e2fda5511 | 104.17.3.184 | | 27 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/2050556481:1715135351:ochmVcTlC06nZycvBPAmQDtWNV-eTnhkp0vUtXDgg2I/880618c20b0e1c06/317995e2fda5511
IP: 104.17.3.184:0
File type: ASCII text, with very long lines (22288), with no line terminators
Hash: f3934301ed604fc1c37e9748b535122b 970dd22e3372c47c46cd9d90b9cc62ed01933af0 cf2beda443e05fb4d8e713dfaf2cbf2b9a0a80027aa95b7eba364fd9063309eb

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/2050556481:1715135351:ochmVcTlC06nZycvBPAmQDtWNV-eTnhkp0vUtXDgg2I/880618c20b0e1c06/317995e2fda5511 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/92tsx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 317995e2fda5511
Content-Length: 27646
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:42:31 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: ioLKipV3rYgBy3fRzqONxjspozBjzFBvNEDIlLBTnWfNZgpoWQv20p6aeHl1wKPX$sxsu+WuQyTx5FDy7aYg0Wg==
vary: accept-encoding
server: cloudflare
cf-ray: 880618d2bfea1c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| holicisticscrarws.shop/GyCv | 172.67.183.72 | 403 Forbidden | 5.9 kB |
URL: holicisticscrarws.shop/GyCv (User Request, GET HTTP/1.1)
IP: 172.67.183.72:80
File type: HTML document, ASCII text, with very long lines (14412), with no line terminators
Hash: 035d33d9a2625a97840eb4935276d9fd c274b87ab0b4910307e5db5f2af3248f5886c73f a8efc6b9b8e1a81837c1c97b5290defa09bfff1f54780fc9a4a3112d166559b4

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /GyCv HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 02:42:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: ZvJmuJD17xSJ98zHe6953Fm/omahBkSWHnaijtyCAkQU5qqlyAsAtllZ0T4SkiMWLv4fk2Wc4zCuZfCHmkQn2oRtJMn7Vfs6w/0t9o+L0DG5f4oa1C5OO3iQUTdiJ7k5tY4HdcuCHrkUtq8GgTC7hw==$69/9c+tFlEfp5NWExXC23Q==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GClsJa6s7ao%2BDzojhqVJ6eCgCwSUWxxmkqv4g4Yr211QVxxJtQ3dfFZ2OutNNopEbiyByi%2FNA2HFWJG9dFKnMAlxZRR66Kp9uWrmcQc%2FaVI3jW8t5zOWjmNqM80z8Qyewg2nInc2Q%2FeQ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880618fbbb9956be-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880618fbbb9956be | 172.67.183.72 | 200 OK | 112 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880618fbbb9956be (GET HTTP/1.1)
IP: 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/GyCv
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 112 kB (111671 bytes)
Hash: 4363587eaadf039ce4a13736e6042daa e0905c2f5a5d74d8a6a40270f07bbcea10c2d4c9 f9e706d4dbdc2bb05726454c1e85c2e7303217dbea74d77b0e760076d48d1ce7

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=880618fbbb9956be HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv?__cf_chl_rt_tk=qeIlQiUsAkop6qFKAyZ1bUtpi33OpQ32p0NzNYz4qT0-1715136158-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:42:38 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OQek8nH2hvMVJ8gedpSfwOBU19zxAbvsiqhR55grv80kD2hvB8G4g5mrEu290DJ%2BAEXE3ui5QJ9T8rK4SkDoCBOcldSTr1o1a%2B0SjnAYOBSxAwaYcWmU6lqEKqu8b9DL3XJpjul4OZRG"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880618fc198c56a2-OSL
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/favicon.ico | 172.67.183.72 | 403 Forbidden | 5.9 kB |
URL: holicisticscrarws.shop/favicon.ico (GET HTTP/1.1)
IP: 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/GyCv
File type: HTML document, ASCII text, with very long lines (14420), with no line terminators
Hash: b99c3398b2b482ef4a99181a234d8db6 d8413ead2b2ca6f4698508730e28c66565a83907 dd82c561c89d97902d331588954c8a9e0f0331b2df9b4bce0dc3f94164cb688e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 02:42:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 6Sq89JD2gvyZTuFTNrSLBS7EspR2NwOKNLGrD310NMoEtG7MNAkdkLxN5a86cNcs950c/jfp6tiOdam6j0BfG18VoHt/Y9u1VYgiI10fz0BbLOIuUMyG8ZT22yb7D/eUZIa3ii9wMh6rqVMlO496XQ==$btojkIOzNAFuX4MyRViiEw==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2F7M1NuYJ3YA2AgmTBj0hVUNfngLR%2FL9xy%2BTK7zGO8X7PgKHoLtd%2BKZNmXVYqDWSp5f2ap2REoMkEZzAuA%2BmXypbuFYAf1CVtet20jDAf5jIhpNOH9GCix8Or62rgnEgDkgywI7s6N9o"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880618fccad256cc-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1025768814:1715135329:NHcdJ778cJkuMwMQELgGvDj5EKC1Bn5PAUkuCGPIq2k/880618fbbb9956be/b0edad8c19c2c39 | 172.67.183.72 | 200 OK | 12 kB |
URL: holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1025768814:1715135329:NHcdJ778cJkuMwMQELgGvDj5EKC1Bn5PAUkuCGPIq2k/880618fbbb9956be/b0edad8c19c2c39 (POST HTTP/1.1)
IP: 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/GyCv
File type: ASCII text, with very long lines (16328), with no line terminators
Hash: 20c78e4931a2a67dea30c241558e3456 4e26573c85b5d6387dbe518fda89f6b3f4aa1d0b 2de2013669e5ef40c81f97df6564084422aeb9c20c3a939a4e73c32e6c7eee58

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1025768814:1715135329:NHcdJ778cJkuMwMQELgGvDj5EKC1Bn5PAUkuCGPIq2k/880618fbbb9956be/b0edad8c19c2c39 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv
Content-type: application/x-www-form-urlencoded
CF-Challenge: b0edad8c19c2c39
Content-Length: 1880
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:42:38 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: 2REhoceyFvfiFoCmmFeNxtfLT6EuB4uFB6WlhDLvSCyJm9JG1LjeFeZvrj6GVXmW$t6BCwGRzAX+L37XnTuCQ9g==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CpQ9bFfjpDl77VaZp62msOOleaQ%2Fd1vxO6psmx5QwXlbmRWbLIfQgykY67GaT377zBQJwHhmerlvy0Ryk%2BQmPY2E4mShmGL4QJKhKSlWNsIVGQNTXdpXMU2i2dk66Yq15zvTDeFrR7WX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 880618fd68cc56ab-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.3.184:0
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash: 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

GET /cdn-cgi/challenge-platform/h/b/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1bubx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:42:38 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 880618ff6dc71c06-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1bubx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal | 104.17.3.184 | 200 OK | 32 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1bubx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal (GET HTTP/3)
IP: 104.17.3.184:443
Requested by: http://holicisticscrarws.shop/GyCv
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hash: 87c67ee79750dec229dbd63709f7be0e 405581a68c51fd775d2863e37319f371f7ced7da bc26e0b902390219e24e4c27f1adf327e0f8bdf61c956b323a9ae4abfa0903e0

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1bubx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:42:38 GMT
content-type: text/html; charset=UTF-8
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
document-policy: js-profiling
origin-agent-cluster: ?1
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 880618fe6d881c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880618fe6d881c06/1715136158919/IE4OUbeGIe-DKAw | 104.17.3.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/880618fe6d881c06/1715136158919/IE4OUbeGIe-DKAw
IP: 104.17.3.184:0
File type: PNG image data, 23 x 82, 8-bit/color RGB, non-interlaced
Hashes (MD5 / SHA-1 / SHA-256): 7609db866e73c314b5b17887cfbb32f6, 1e3baf412e471b06ec1989470da43fc36682552d, 8d46816b1f724d71ab0ac3f2858bea3365b10d10c09de9adbdb565d76b7a062f
GET /cdn-cgi/challenge-platform/h/b/i/880618fe6d881c06/1715136158919/IE4OUbeGIe-DKAw HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/1bubx/0x4AAAAAAAAjq6WYeRDKmebM/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 08 May 2024 02:42:40 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 88061908290e1c06-OSL
alt-svc: h3=":443"; ma=86400
| holicisticscrarws.shop/favicon.ico | 172.67.183.72 | 403 Forbidden | 10 kB |
URL: GET HTTP/1.1 holicisticscrarws.shop/favicon.ico
IP: 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/GyCv
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hashes (MD5 / SHA-1 / SHA-256): eeaa8b4586decdcd85dbf29df9bbd1ff, 18f20939ed7a003d3add2697a4611dae410529fb, c9d897c9e40d4c0a70526a3953c586bc6ebbb980ecee184adaff1c88b96a0abf

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
GET /favicon.ico HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv?__cf_chl_rt_tk=qeIlQiUsAkop6qFKAyZ1bUtpi33OpQ32p0NzNYz4qT0-1715136158-0.0.1.1-1301
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Wed, 08 May 2024 02:42:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 2YtlpINFH23hI2MFe/oy0L8KbtDLkdJgiLmOWmzuQHaU8gYHjLOl2u9gwBE3jgx27Vrtc3P4f9rrDGKbePFltFab0vwUkV390Ry8m3DSjZj8NfFRytDrjsCVCSemUs/6vqCHPVftI+oG2MhZqTeAyw==$PZX2bgCla/WbkZaAwpq9rg==
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0uYhMq%2F%2BWVzSTewhqAjJzkVxY9h0PoQBAT0fCSbbKNuXCLIBOz68Zja0pd3FZexykzsjxk1zKMMvQGDWU0jAnadPjADdJ0b7qptSHc5T367n3md%2FiIzM7ex0irzzbkCgJxseGFCdgWR%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 880618fc59b456a2-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
| holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1025768814:1715135329:NHcdJ778cJkuMwMQELgGvDj5EKC1Bn5PAUkuCGPIq2k/880618fbbb9956be/b0edad8c19c2c39 | 172.67.183.72 | 200 OK | 1.8 kB |
URL: POST HTTP/1.1 holicisticscrarws.shop/cdn-cgi/challenge-platform/h/b/flow/ov1/1025768814:1715135329:NHcdJ778cJkuMwMQELgGvDj5EKC1Bn5PAUkuCGPIq2k/880618fbbb9956be/b0edad8c19c2c39
IP: 172.67.183.72:80
Requested by: http://holicisticscrarws.shop/GyCv
File type: ASCII text, with very long lines (2328), with no line terminators
Hashes (MD5 / SHA-1 / SHA-256): 003bfea12d57c807e910945401a98881, 2d93da4670a6eccf7fdaca30357677f715b4e9f1, f68c49eac31f7e5c6d12a6455843432c88eb0400c1a95613411c9f2c68826947

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| Quad9 DNS | malicious | Sinkholed |
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1025768814:1715135329:NHcdJ778cJkuMwMQELgGvDj5EKC1Bn5PAUkuCGPIq2k/880618fbbb9956be/b0edad8c19c2c39 HTTP/1.1
Host: holicisticscrarws.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://holicisticscrarws.shop/GyCv
Content-type: application/x-www-form-urlencoded
CF-Challenge: b0edad8c19c2c39
Content-Length: 2568
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_i=1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 May 2024 02:42:48 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-out: bVZIKV1xZPt2HhnPENitARA/hMCI9ufyJkxVSjMcUH2aLxDevuMr21AFg8ebXMUtiaduymjfOyOkFnR+owaMgRJh/c9ZbFH5SMls+xxw4NI=$nYC4SRUoIwvFuFwY57VXUA==
cf-chl-out-s: 8VjRsBLTYCRZF27gbDSIUA==$1fzxQaPKOYGm9yJ4fNxN6g==
vary: accept-encoding
content-encoding: gzip
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQkuXyeiSpy3X6i%2Fu2NDZbRc9eyuFUpkAOwGg%2FvKXR2NnUTwfSSbOT1UP1XAj%2BwqkwRfP9ku1uY1U%2F1ZnxopAMze6w%2BbzZvzl6mSLy9CAoKdRAPVzLurSG9op6jgiqFGwLSlbVWjNd4l"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8806193bcd4a56ab-OSL
alt-svc: h2=":443"; ma=60
| challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit | 104.17.3.184 | 200 OK | 43 kB |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit
IP: 104.17.3.184:443
Requested by: http://holicisticscrarws.shop/GyCv
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42565)
Hashes (MD5 / SHA-1 / SHA-256): a5b92920e25651d2058f4982a108347b, caeeadd68d38fdb681c52006c68880abc2e8a1a6, 49a5abedf03eb8ad9a66eca7c5ccb8e59a440e06958e1e7b71d078f494178dc5
GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://holicisticscrarws.shop
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 08 May 2024 02:42:38 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=604800, public
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
vary: Accept-Encoding
server: cloudflare
cf-ray: 880618fccd411c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400